[jboss-jira] [JBoss JIRA] Created: (JBPORTAL-2109) CMS Security Issue with LDAP/Clustered mode
Sohil Shah (JIRA)
jira-events at lists.jboss.org
Mon Aug 4 23:27:56 EDT 2008
CMS Security Issue with LDAP/Clustered mode
-------------------------------------------
Key: JBPORTAL-2109
URL: https://jira.jboss.org/jira/browse/JBPORTAL-2109
Project: JBoss Portal
Issue Type: Bug
Security Level: Public (Everyone can see)
Components: Portal CMS
Affects Versions: 2.6.6 Final
Reporter: Sohil Shah
Assignee: Sohil Shah
Fix For: 2.6.7 Final
Steps to Reproduce:
I finally managed to reproduce this. Here's my environment:
- EAP 4.3, JBoss Portal 2.6.5.SP1 HA (or 2.6.6 HA)
- enabled TC clustered SSO
First test:
----------
1/ start two nodes, one with the Service Binding Manager
2/ check if one is CMS master, other slave
3/ log in as admin:admin
4/ change security setting for the '/default' CMS folder to 'Read=User'
5/ log out
6/ log in as user:user on node1 (master): ok, content is displayed
7/ log out
8/ log in as user:user on node2 (slave): ok, content is displayed
=> TEST PASSED
Second test:
-----------
- same setup as before, but with LDAP:
<attribute name="ConfigFile">conf/identity/ldap_identity-config.xml</attribute>
- OpenDS is used on localhost with imported identity/src/resources/example/portal-sample-local.ldif structure
1-7 as above
8/ log in as user:user on node2 (slave): failed, 404 or Access Denied (depending on Portal version)
=> TEST FAILED
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira